Keycloak follows OIDC spec, and you can use any of flows, defined in OAuth2 [1] as well as some additional flows added in OIDC OIDC dictates usage of JWT, so access tokens (as well as refresh_token, id_token and others are JWT) will be returned in JWT format To find out addresses of token and authentication, keycloak provides OIDC discovery url, i.e. http://keycloakhost:keycloakport /auth/realms/{realm}/.well-known/openid-configuration There are bunch of libs that will allow to simplify token request procedures written for OIDC spec. But Keycloak has a set of adapters written, that can fit nicely into your existing technology stack [2]. I think allow of them allow to access raw JWT tokens [1] https://aaronparecki.com/oauth-2-simplified/ [2] http://www.keycloak.org/docs/latest/securing_apps/index.html#openid-conne... вт, 20 февр. 2018 г. в 4:49, Anton <kurrent93(a)gmail.com&gt;: